DatingDapp

AI First Flight #6
Tags: Beginner Friendly, Foundry, Solidity, NFT

Submission Details
Impact: high
Likelihood: high
Invalid

# `LikeRegistry::likeUser` accepts 1 ether or more; a user may overlook this and send more than 1 ether

Description

  • A user who has read the documentation on the site sees that a like costs 1 ether; this is what the official documentation states.

  • But I can also send more than 1 ether, and there is no function that returns the excess to the user.

```solidity
function likeUser(address liked) external payable {
@>  require(msg.value >= 1 ether, "Must send at least 1 ETH");
    require(!likes[msg.sender][liked], "Already liked");
    require(msg.sender != liked, "Cannot like yourself");
    require(
        profileNFT.profileToToken(msg.sender) != 0,
        "Must have a profile NFT"
    );
    require(
        profileNFT.profileToToken(liked) != 0,
        "Liked user must have a profile NFT"
    );
    likes[msg.sender][liked] = true;
    emit Liked(msg.sender, liked);
}
```

Risk

Loss of trust in the project: the documentation clearly states that rating a user and sending them a like costs 1 ether, so a careless user may send more. This will happen often, which undermines the protocol's credibility.

Impact:

Careless users can and will send more than 1 ether, with no way to get a refund for the excess.

Proof of Concept

  1. First, we fund the users.

  2. We mint a profile NFT for each of them.

  3. Alice likes Bob, sending 5 ether instead of 1 ether; nothing in the contract rejects or refunds the excess.

  4. We check the contract balance and see that it holds 5 ether.

  5. The test passes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Imports assumed for a standard Foundry layout; the src paths are not given in the submission.
import {Test} from "forge-std/Test.sol";
import {LikeRegistry} from "../src/LikeRegistry.sol";
import {SoulboundProfileNFT} from "../src/SoulboundProfileNFT.sol";

contract LikeRegistryTest is Test {
    LikeRegistry like;
    SoulboundProfileNFT nft;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        nft = new SoulboundProfileNFT();
        like = new LikeRegistry(address(nft));
    }

    // Alice overpays by 4 ether; the registry keeps the whole amount.
    function testLikeUserPayableMoreThan1Ether() public {
        vm.deal(alice, 10 ether);
        vm.deal(bob, 10 ether);

        // Both users need a profile NFT to pass the require checks.
        vm.prank(alice);
        nft.mintProfile("Alice", 25, "ipfs://profileImage");
        vm.prank(bob);
        nft.mintProfile("Bob", 27, "ipfs://profileImage");

        vm.prank(alice);
        like.likeUser{value: 5 ether}(bob);

        // No refund: the contract balance is the full 5 ether, not 1 ether.
        assertEq(address(like).balance, 5 ether);
    }
}
```

```text
Ran 1 test for test/testLikeRegistry.t.sol:LikeRegistryTest
[PASS] testLikeUserPayableMoreThan1Ether() (gas: 371644)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 5.10ms (95.25µs CPU time)
```
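As an added illustration (not DatingDapp's own `LikeRegistry` and not part of this submission), the contract below puts the reported `>=` check next to two hardened variants: an exact-price check, and a `>=` check that credits the excess to the sender for later withdrawal. The contract name, the `pendingRefunds` mapping and `withdrawRefund` are hypothetical; the real contract's profile-NFT checks are left out so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative registry, not the DatingDapp contract. Shows the overpayment
/// problem and two ways to close it. Profile-NFT checks are omitted.
contract LikeRegistryExample {
    uint256 public constant LIKE_PRICE = 1 ether;

    mapping(address => mapping(address => bool)) public likes;
    // Hypothetical: excess payments credited here and withdrawn by the sender.
    mapping(address => uint256) public pendingRefunds;

    event Liked(address indexed liker, address indexed liked);
    event Refunded(address indexed to, uint256 amount);

    /// Same shape as the reported code: any msg.value >= 1 ether is accepted
    /// and the contract keeps everything above the price.
    function likeUserOverpaying(address liked) external payable {
        require(msg.value >= LIKE_PRICE, "Must send at least 1 ETH");
        _like(liked);
    }

    /// Fix 1: demand the exact price. The revert string matches the check.
    function likeUserExact(address liked) external payable {
        require(msg.value == LIKE_PRICE, "Must send exactly 1 ETH");
        _like(liked);
    }

    /// Fix 2: keep accepting >= price, but credit the excess to the sender.
    /// A pull pattern is used instead of an immediate call so that a sender
    /// whose receive() reverts cannot be locked out of liking.
    function likeUserWithRefund(address liked) external payable {
        require(msg.value >= LIKE_PRICE, "Must send at least 1 ETH");
        _like(liked);
        uint256 excess = msg.value - LIKE_PRICE;
        if (excess > 0) {
            pendingRefunds[msg.sender] += excess;
        }
    }

    /// Withdraw any credited excess. The balance is zeroed before the
    /// transfer (checks-effects-interactions) so re-entry cannot withdraw twice.
    function withdrawRefund() external {
        uint256 amount = pendingRefunds[msg.sender];
        require(amount > 0, "Nothing to refund");
        pendingRefunds[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Refund failed");
        emit Refunded(msg.sender, amount);
    }

    function _like(address liked) internal {
        require(!likes[msg.sender][liked], "Already liked");
        require(msg.sender != liked, "Cannot like yourself");
        likes[msg.sender][liked] = true;
        emit Liked(msg.sender, liked);
    }
}
```

In a Foundry test, calling `likeUserWithRefund{value: 5 ether}(bob)` from Alice leaves the contract holding 1 ether of price plus 4 ether credited to `pendingRefunds(alice)`, which `withdrawRefund()` returns to her; `likeUserExact{value: 5 ether}(bob)` reverts instead. Which of the two is preferable depends on whether the protocol wants overpayment to be rejected outright or tolerated and returned.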

Recommended Mitigation

Replace `>=` with `==` so that exactly 1 ether is accepted, as shown in the code recommendation below.

```diff
function likeUser(address liked) external payable {
- require(msg.value >= 1 ether, "Must send at least 1 ETH");
+ require(msg.value == 1 ether, "Must send at least 1 ETH");
require(!likes[msg.sender][liked], "Already liked");
require(msg.sender != liked, "Cannot like yourself");
require(
profileNFT.profileToToken(msg.sender) != 0,
"Must have a profile NFT"
);
require(
profileNFT.profileToToken(liked) != 0,
"Liked user must have a profile NFT"
);
likes[msg.sender][liked] = true;
emit Liked(msg.sender, liked);
```

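Review bot: the `+` line tightens the condition to `msg.value == 1 ether` but keeps the revert string `"Must send at least 1 ETH"`, which now contradicts the check; change it to something like `"Must send exactly 1 ETH"` so a user who overpays is told why the call reverted. Also worth stating in the recommendation: an exact-match check rejects overpayment rather than returning it, which is the simplest fix; if the protocol prefers to keep accepting `>= 1 ether`, the alternative is to record `msg.value - 1 ether` for the sender to withdraw instead of retaining it.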
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 7 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
